This evening, the European Parliament, the Council and the European Commission have reached a political agreement on the Cybersecurity Act which reinforces the mandate of the EU Agency for Cybersecurity, (European Union Agency for Network and Information and Security, ENISA) so as to better support Member States with tackling cybersecurity threats and attacks. The Act also establishes an EU framework for cybersecurity certification, boosting the cybersecurity of online services and consumer devices.

Vice-President Andrus Ansip, in charge of the Digital Single Market, said: “In the digital environment, people as well as companies need to feel secure; it is the only way for them to take full advantage of Europe’s digital economy. Trust and security are fundamental for our Digital Single Market to work properly. This evening’s agreement on comprehensive certification for cybersecurity products and a stronger EU Cybersecurity Agency is another step on the path to its completion.”

Commissioner Mariya Gabriel, in charge of Digital Economy and Society, added: “Enhancing Europe’s cybersecurity, and increasing the trust of citizens and businesses in the digital society is a top priority for the European Union. Major incidents such as Wannacry and NotPetya have acted as wake-up calls, because they dearly showed the potential consequences of large-scale cyber-attacks. In this perspective, I strongly believe that tonight’s deal both improves our Union’s overall security and supports business competitiveness.”

Proposed in 2017 as part of a wide-ranging set of measures to deal with cyber-attacks and to build strong cybersecurity in the EU, the Cybersecurity Act includes:

• A permanent mandate for the EU Cybersecurity Agency, ENISA, to replace its limited mandate that would have expired in 2020, as well as more resources allocated to the agency to enable it to fulfil its goals, and
• a stronger basis for ENISA in the new cybersecurity certification framework toassist Member States in effectively responding to cyber-attacks with a greater role in cooperation and coordination at Union level.

In addition, ENISA will help increase cybersecurity capabilities at EU level and support capacity building and preparedness. Finally, ENISA will be an independent centre of expertise that will help promote high level of awareness of citizens and businesses but also assist EU Institutions and Member States in policy development and implementation.

The Cybersecurity Act also creates a framework for European Cybersecurity Certificates for products, processes and services that will be valid throughout the EU. This is a ground breaking development as it is the first internal market law that takes up the challenge of enhancing the security of connected products, Internet of Things devices as well as critical infrastructure through such certificates. The creation of such a cybersecurity certification framework incorporates security features in the early stages of their technical design and development (security by design). It also enables their users to ascertain the level of security assurance, and ensures that these security features are independently verified.

Benefits for citizens and businesses

The new rules will help people trust the devices they use every day because they can choose between products, like Internet of Things devices, which are cyber secure.

The certification framework will be a one-stop shop for cybersecurity certification, resulting in significant cost saving for enterprises, especially SMEs that would have otherwise had to apply for several certificates in several countries. A single certification will also remove potential market-entry barriers. Moreover, companies are incentivized to invest in the cybersecurity of their products and turn this into a competitive advantage.

Next steps

Following tonight’s political agreement, the new regulation will have to be formally approved by the European Parliament and the Council of the EU. It will then be published in the EU Official Journal and will officially enter into force immediately, thus paving the way for European certification schemes to be produced and for the EU Agency for Cybersecurity, ENISA, to start working on the basis of this focused and permanent mandate.

Background

The Cybersecurity Act was proposed as part of the Cybersecurity package adopted on 13 September 2017, and as one of the priorities of the Digital Single Market strategy. To keep up with the ever-evolving cyber threats, the Commission also proposed, one year later in September 2018, to create a European Cybersecurity Industrial, Technology and Research Centre and a network of Cybersecurity Competence Centres to better target and coordinate available funding for cybersecurity cooperation, research and innovation. The proposed European Cybersecurity Competence Centre will manage cybersecurity-related financial support from the EU’s budget and facilitate joint investment by the Union, Member States and industry to boost the EU’s cybersecurity industry and make sure our defense systems are state-of-the-art.

For More Information

Press release – State of the Union 2017 – Cybersecurity: The Commission scales up it’s response to cyber-attacks

Factsheet on ENISA and the EU framework for cybersecurity certification

All documents related to the package

The twelfth meeting of the Accession Conference with Montenegro at Ministerial level was held today in Brussels to open negotiations on Chapter 27 – Environment and Climate change.

The European Union delegation was led by Ms Karin Kneissl, Federal Minister for Europe, Integration and Foreign Affairs on behalf of the Austrian  Presidency of the Council of the European Union. The European Commission was represented by Mr Johannes Hahn, Commissioner for European Neighbourhood Policy and Enlargement Negotiations. The Montenegrin delegation was led by Prof. Dr. Srdjan Darmanović, Minister of Foreign Affairs, with line Minister Pavle Radulović, responsible for Sustainable Development and Tourism, intervening.

With today’s Conference, out of a total of 35 negotiation chapters, 32 chapters have now been opened for negotiations of which 3 chapters have already been provisionally closed. Further Accession Conferences will be planned, as appropriate, in order to take the process forward in the first half of 2019. The accession negotiations were launched in June 2012.

Chapter opened

Regarding the opening of negotiations on Chapter 27 – Environment and climate change, the Union has closely examined Montenegro’s present state of preparations. On the understanding that Montenegro has to continue to make progress in the alignment with and implementation of the acquis in this chapter, the EU noted that there are benchmarks that need to be met for the provisional closure of this chapter.

In addition, the EU underlined that it would devote particular attention to monitoring all specific issues mentioned in its common position. Monitoring of progress in the alignment with and implementation of the acquis will continue throughout the negotiations. The Conference will have to return to this chapter at an appropriate moment.

The benchmarks for the chapter opened are as follows:

Chapter 27 – Environment and Climate change

• Montenegro continues to align with the horizontal Directives and demonstrates that it will be fully prepared to ensure their effective implementation and enforcement at the date of accession.
• On air quality, Montenegro fully aligns with the revised Directive on the reduction of national emissions of certain atmospheric pollutants (NEC Directive 2016/2284/EU). Montenegro presents an analysis of cost-effective emission control strategies for 2020 and 2030, which shall serve as a basis for final agreement between the EU and Montenegro on its reduction obligations under the NEC Directive. Montenegro reports on an annual basis its emissions, in line with the Directive and the Convention on Long-range Transboundary Air Pollution and develops a National Air Pollution Control Programme. Furthermore, Montenegro enhances the preparation for the implementation of the acquis in this area, by regularly taking measures to reduce national air pollution, particularly in zones where EU limit values for air quality are exceeded, and by developing or updating air quality plans, as envisaged by the Directive on ambient air quality and cleaner air for Europe (Directive 2008/50/EC).
• Montenegro decides on its waste management system and dedicates appropriate funding to infrastructure investments, in line with relevant EU legislation, including the waste hierarchy. Montenegro establishes waste prevention programmes, prepares waste management plans (WMP), and adopts measures for the separate collection of waste for paper, metal, plastic and glass.
• Montenegro makes significant progress on acquis alignment in the water sector, including drinking water legislation, and Directive 2008/56/EC establishing a framework for Community action in the field of marine environmental policy. Montenegro designates the competent drinking water authorities and develops river basin management plans for each river basin district lying entirely within its territory, including the portions of international river basin districts falling within its territory.
• In the area of nature protection, Montenegro submits the list of proposed Natura 2000 sites, sufficiently covering the habitat types and species in line with the requirements of the Birds and Habitats directives, to the Commission. Montenegro demonstrates the capacity to manage the Natura 2000 network, including by affording the Ulcinj Salina the appropriate protection status and effectively implementing the necessary conservation measures leading to the improvement of its conservation status.
• Montenegro continues its alignment with the acquis in the chemicals, noise and civil protection sectors, and demonstrates that it will be fully prepared to ensure the implementation and enforcement of the EU requirements at the date of accession.
• On climate change, Montenegro continues its alignment with the acquis, notably by adopting legislation on the functioning of the European Emissions Trading System (EU ETS), in line with the EU ETS Directive 2003/87/EC and its successive amendments. Montenegro further aligns with relevant secondary legislation on monitoring and reporting, accreditation and verification, the Union Registry, free allocation, and auctioning. Montenegro makes sure that the appropriate framework is in place to implement the EU ETS in its entirety regarding the monitoring, reporting, and verification of greenhouse gas emissions.
• Montenegro, in line with the Action Plan for the transposition, implementation and enforcement of the EU acquis on environment and climate change, significantly enhances the capacity of the administrative bodies at all levels, including inspection services, further improves coordination of work and demonstrates that all appropriate administrative structures and adequate training will be in place in good time before accession to enable implementation and enforcement of the acquis in all sectors of this chapter.

Download as pdf